How to Set Up a Firewall UFW on Ubuntu?

UFW, short for Uncomplicated Firewall, is a user-friendly front-end for Linux distributions that simplifies the process of setting up firewall rules without dealing with the complexities of iptables or nftables. If you’re using Ubuntu Linux and unsure about which tool to use for network security, UFW is a great option.

To configure UFW on Ubuntu, start by making sure the UFW package is installed on your system. Once installed, you can customize netfilter rules to control how UFW manages different types of network traffic, such as allowing or blocking specific ports, protocols or IP addresses. And if you want to further enhance your network security, why not explore our cheap and reliable options to buy VPS for added protection?

This article provides step-by-step instructions for configuring a UFW firewall on an Ubuntu system. Let’s delve into the key aspects of configuring UFW to strengthen your system’s defense.

Steps to Set Up UFW on Ubuntu

Update System Packages

First of all, press Ctrl+Alt+T to open a terminal and run the following command to update the package lists:

sudo apt update

UFW Installation

UFW is pre-installed on most Ubuntu versions. But it may not be installed for yours, so first check if UFW is installed using the following command:

sudo dpkg --get-selections | grep ufw

If it is not installed, you can install it using the apt command, as shown below:

sudo apt install ufw -y

Before proceeding, it’s important to confirm the status of UFW—whether it’s active or inactive. To do so, use the following command. If you come across the status: inactive as the response, it means you need to activate UFW.

sudo ufw status

Note: UFW comes pre-installed on Ubuntu 18.04 and later, but it is inactive by default.

Activate UFW

To enable UFW, put this command in the terminal and confirm by typing Y. Once done, you’ll receive the confirmation message “Firewall is active and enabled on system startup.”

sudo ufw enable

You may disable this tool at any time by entering:

sudo ufw disable

Warning: Do not enable UFW before allowing SSH if you’re on a remote machine — you will lock yourself out.

Allow SSH before anything else:

sudo ufw allow ssh

sudo ufw allow 22/tcp

List Current UFW Rules

After the firewall is activated, you can customize rules. To check the default rules, type:

sudo ufw status verbose

To display the current firewall rules in a numbered format, you should apply:

sudo ufw status numbered

The corresponding line numbers let you easily identify or delete specific rules as needed. Each rule gets a number based on the order in which it was added. Let’s say you want to delete a firewall rule, like #4; this is what you type:

sudo ufw delete 4

Rather than relying on rule numbers, you can also delete a rule using its type (such as allow or deny) and the associated service name or port number. For example, suppose you’ve already established a rule to enable SSH connections. Here’s how you can remove that specific rule.

sudo ufw delete allow ssh   or   sudo ufw delete allow 22

Set Up Default Policies

The default UFW policies decide how to handle traffic that doesn’t match any other rules you’ve set. By default, UFW is configured to deny all incoming connections and allow all outgoing ones. This means that anyone trying to access your server will fail unless you open a specific port, while any application on the server can communicate with the outside world. Our advice? Reset UFW to its default rules. For this purpose, use these commands:

sudo ufw default allow outgoing

sudo ufw default deny incoming
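To verify the result, the following added example (not from the original article) reads the output of sudo ufw status verbose and reports an inactive firewall, a default incoming policy other than deny, a missing SSH rule, or SSH open to everyone without rate limiting. The function name audit_ufw_status and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output (read from stdin).
# On a live host: sudo ufw status verbose | audit_ufw_status 22
audit_ufw_status() {
    awk -v port="${1:-22}" '
        /^Status:/  { active  = ($2 == "active") }
        /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }
        # Rule rows: "22/tcp  ALLOW IN  Anywhere" or "22/tcp (v6)  LIMIT IN  Anywhere (v6)"
        $1 == (port "/tcp") || $1 == port {
            action = ($2 ~ /^[(]/) ? $3 : $2     # skip a "(v6)" or "(OpenSSH)" tag
            if (action == "ALLOW" || action == "LIMIT") ssh_ok = 1
            if (action == "ALLOW" && $0 ~ /Anywhere/)   ssh_open = 1
        }
        END {
            if (!active) { print "FAIL: firewall is inactive"; exit }
            if (!deny_in)  print "FAIL: default incoming policy is not deny"
            if (!ssh_ok)   print "FAIL: no rule admits SSH on port " port
            if (ssh_open)  print "WARN: SSH open to Anywhere without rate limiting"
        }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status 22
```

An empty result means all four checks passed; pass a different port as the first argument if SSH does not listen on 22.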

IPv6 Support

UFW is compatible with both IPv6 and IPv4, but it primarily functions with IPv4. Now, if your Ubuntu Linux supports IPv6, it’s important to ensure that UFW is configured to handle rules for both IPv6 and IPv4 addresses. Check this by:

grep IPV6 /etc/default/ufw

If IPv6 support isn’t enabled, open up the UFW configuration file using nano or your preferred text editor:

sudo nano /etc/default/ufw

Then, set the IPV6 value to “yes” so that it looks like this: IPV6=yes

Save and close the file. Remember, if nano is your text editor of choice, use Ctrl+X, press Y, and then hit ENTER to save your changes and exit the file. Now you can configure UFW to write both IPv4 and IPv6 rules.

Turn on SSH, HTTP and HTTPS Connections

You should establish rules that allow authorized incoming connections, such as SSH or HTTP. Of course, we assume that you need the server to respond to these types of requests. If you are using a cloud server, you need to allow SSH connections to be able to connect to and manage your server.

To set up the server to accept SSH connections, employ the following command:

sudo ufw allow ssh

By running this command, you’ll create new firewall rules that permit all traffic on port 22, the default port for the SSH daemon. Because ssh is defined as a service in the /etc/services file, UFW understands this command.

However, you can also specify the port number instead of the service name. This command serves the same purpose as the last one; note that without a protocol suffix the rule covers both TCP and UDP on port 22.

sudo ufw allow 22

If you’ve customized your SSH setup to operate on a non-standard port, make sure to specify that exact port. For example, if your SSH server is configured to accept connections on port 2222/tcp, replace the default port 22 with this specific value:

sudo ufw allow 2222/tcp

To limit the rate of incoming SSH connections and protect your system against attacks, you need to enter:

sudo ufw limit ssh

You can allow HTTP connections on port 80 used by unencrypted web servers by running either of:

sudo ufw allow http   or   sudo ufw allow 80

Repeat the same commands to allow HTTPS connections on port 443 using UFW firewall, but substitute HTTPS and 443 in place of the previous ones.

Open Ports in UFW on Ubuntu

Depending on the applications running on your system, you might need to open additional ports on Ubuntu. Here’s the general syntax for opening a port:

sudo ufw allow portnumber/protocol

Open a Port Range in UFW

Some applications use multiple ports instead of one. For these, you can specify a range of ports in your UFW rules. Let’s say you need to open ports from 2290 to 2300 using the TCP protocol; just run the following command:

sudo ufw allow 2290:2300/tcp

For UDP ports, use this one:

sudo ufw allow 2290:2300/udp

Just remember to specify “tcp” or “udp” explicitly. Otherwise, you’ll encounter an error message.

Allow Specific IP Addresses

If you have not changed the default policy for incoming connections, UFW is configured to deny all incoming connections. These settings generally facilitate the process of creating a secure firewall policy that requires defining rules to allow or block certain ports and IP addresses.

To allow connections on all ports from a specific source IP, use “from” followed by the source address.

sudo ufw allow from IP_address

Here’s an example of how to enable connections specifically for the IP address 64.63.62.61:

sudo ufw allow from 64.63.62.61

With UFW, you can also restrict a particular IP address to a specific port. All you need to do is use “to any port” followed by the port number. To let connections from a specific IP address, like your work or home IP, such as “203.0.113.4,” access port 22 (SSH), use this command:

sudo ufw allow from 203.0.113.4 to any port 22

Block Ports in UFW on Ubuntu

Sometimes you need to deny certain connections based on the source IP address or subnet. The commands for blocking ports and connections in UFW are similar to the commands for opening them; you only need to replace “allow” with “deny.” To close a specific port, just use:

sudo ufw deny portnumber/protocol

For closing all connections from an IP address such as 64.63.62.61, do the following:

sudo ufw deny from 64.63.62.61

To reject connections from a certain IP on port 22, use:

sudo ufw deny from 64.63.62.61 to any port 22

Restart UFW

After making the necessary changes, restart UFW by typing:

sudo systemctl restart ufw
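The steps above, collected into one script in an order that cannot lock you out of a remote session (an added example, not part of the original article). SSH_PORT, ADMIN_IP and APPLY are this script's own variables, and the HTTP/HTTPS rules assume the host runs a web server; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: lockout-safe UFW baseline. Prints the plan by default;
# APPLY=1 executes it. SSH_PORT and ADMIN_IP are this script's own
# (assumed) variables, not ufw settings.
set -u
SSH_PORT="${SSH_PORT:-22}"
ADMIN_IP="${ADMIN_IP:-}"   # e.g. 203.0.113.4; empty = rate-limited SSH from anywhere

# Reject anything that is not a plain port number / IP literal, because the
# values are interpolated into commands that run as root.
validate() {
    case "$SSH_PORT" in ''|*[!0-9]*) return 1 ;; esac
    [ "$SSH_PORT" -ge 1 ] && [ "$SSH_PORT" -le 65535 ] || return 1
    case "$ADMIN_IP" in *[!0-9a-fA-F.:/]*) return 1 ;; esac
}

# Emit the ufw commands in the order they must run: SSH access before enable.
ufw_plan() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    if [ -n "$ADMIN_IP" ]; then
        echo "ufw allow from $ADMIN_IP to any port $SSH_PORT proto tcp"
    else
        echo "ufw limit $SSH_PORT/tcp"
    fi
    echo "ufw allow 80/tcp"     # assumption: the host serves HTTP/HTTPS
    echo "ufw allow 443/tcp"
    echo "ufw --force enable"   # --force skips the interactive y/n prompt
    echo "ufw status verbose"
}

run_plan() {
    validate || { echo "invalid SSH_PORT or ADMIN_IP" >&2; return 1; }
    ufw_plan | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            # Word splitting is intended; inputs were validated above.
            # </dev/null stops the command from eating the rest of the plan.
            sudo $cmd </dev/null || exit 1
        else
            echo "[dry-run] sudo $cmd"
        fi
    done
}

run_plan
```

Review the dry-run output first, then rerun with APPLY=1 (and ADMIN_IP set if SSH should be reachable only from one address).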

How to Remove UFW in Ubuntu

To uninstall UFW on Ubuntu, type the given command in the terminal:

sudo apt purge gufw ufw -y

Conclusion

In conclusion, UFW is definitely one of the best alternatives for users who prefer to set up their firewall quickly, easily and of course securely. We explained how to set up a firewall with UFW on the Ubuntu Linux operating system. We also covered how to configure your firewall to allow or deny SSH, HTTP and HTTPS connections. All incoming connections that your server needs to function properly should be allowed. At the same time, unnecessary connections should be blocked to ensure the performance and security of your server.

 



The Author Sally.M
